Microsoft Security Saturday – 1/9/2021

The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 1 – In this blog Jake Williams, Founder of Rendition InfoSec, shares his insights on the 2020 threat landscape—who to watch for and why—and offers cybersecurity guidance and best practices on how to structure and evolve red and blue teaming within your organization.

Hunt for Azure Active Directory sign-in events – We are happy to announce the public preview availability of a new data source in Microsoft 365 Defender advanced hunting. Two new tables for Azure Active Directory sign-ins are now available in advanced hunting.

Azure Sentinel: Using rule templates – Microsoft’s Azure Sentinel, our Security Incident and Event Management (SIEM) solution, enables you to connect activity data from different sources into a shared workspace. That data ingestion is just the first step in the process though. The power comes from what you can now do with that data, including investigating incident alerts, building your own dashboards with workbooks, responding to threats with security playbooks and hunting for security threats.

How to use tagging effectively in Microsoft Defender for Endpoint (Part 1) – One important feature which often isn’t utilised correctly is the use of tags within Microsoft Defender for Endpoint. This is a functionality that was introduced to allow you to apply a granular level of control over how you manage your devices.

Azure Sentinel – What’s new: Improved Analytics Preview Graph in Public Preview! – Rule tuning is a delicate and continuous process of balancing between detecting all threats and reducing false and benign positives. The more accurate and less noisy the rules are, the better the detections will be. To support this goal within Azure Sentinel, we are delighted to announce improvements to the “Preview Graph” feature now in public preview.

Privacy breaches: Using Microsoft 365 Advanced Audit and Advanced eDiscovery to minimize impact – If an organization experiences a breach of customer or employee personal information, they must report it within the required time frame. The size and scope of this reporting effort can be massive. Using Microsoft 365 Advanced Audit and Advanced eDiscovery to better understand the scope of the breach can minimize the burden on customers as well as the financial and reputational cost to the organization.

Attack simulation training in Microsoft Defender for Office 365 now Generally Available – We are pleased to announce the General Availability (GA) of Attack simulation training in Microsoft Defender for Office 365. Delivered in partnership with Terranova Security, Attack simulation training is an intelligent social engineering risk management tool that automates the creation and management of phishing simulations to help customers detect, prioritize and remediate phishing risks by using real phish and hyper-targeted training to change employee behaviors.

Azure Sentinel – The Ninja Training 2021 edition is out! – Since the Ninja Training is always changing, I also include important changes over the last few months. On the other hand, there are many changes, so don’t expect this to be comprehensive.

The FAQ companion to the Azure Sentinel Ninja training – While extensive, the Ninja training has to follow a script and cannot expand on every topic. Like any training, you may have questions after the session. This live blog post tries to address that by providing answers to common questions ordered by the Ninja training modules.

Azure Defender for IoT Raw-Data and ICS MITRE ATT&CK Matrix Mapping via Azure Sentinel – To enable rapid detection and response for attacks that cross IT/OT boundaries, Azure Defender is deeply integrated with Azure Sentinel—Microsoft’s cloud-native SIEM/SOAR platform.